NIST Control Families Flashcards

Question 1

Q

AC

Answer

A

Access Control

Account mgmt, access enforcement into and within system, separation of duties, least privilege, logons, remote access, wireless access, mobile device access.

Question 2

Q

AT

Answer

A

Awareness Training

Role-appropriate security awareness training, training records.

Question 3

Q

AU

Answer

A

Audit and Accountability

Log events, analyze logs, protect logs, ensure non-repudiation of logs.

Question 4

Q

CA

Answer

A

Security assessment and authorization

Assessment plan, pen testing, assessments, POA&M, OA authorization.

Question 5

Q

CM

Answer

A

Configuration Management

Baseline and configuration management, inventory, sw installation and usage restrictions (licensing).

Question 6

Q

CP

Answer

A

Contingency planning

Backup and restore, alternate sites.

Question 7

Q

IA

Answer

A

Identification and authentication

Technical controls. User and device identification (ex: RADIUS).

Question 8

Q

IR

Answer

A

Incident response

IR planning, training, testing, incident handling, incident reporting.

Question 9

Q

MP

Answer

A

Media protection

Media marking, transport, sensitization and use policy.

Question 10

Q

PE

Answer

A

Physical and environmental protection

Guards, guns and gates. Emergency power, fire protection, temperature control.

Question 11

Q

PL

Answer

A

Security planning

SSP, SECONOPS, info sec architecture,

Question 12

Q

PM

Answer

A

Program management

Question 13

Q

PS

Answer

A

Personnel security

Administrative controls. Position risk, screening, terminations, NDAs.

Question 14

Q

RA

Answer

A

Risk assessment

Security categorization, risk assessments, vulnerability scanning, technical surveillance countermeasures survey.

Question 15

Q

SA

Answer

A

System and services acquisition

Administrative controls. Adequate budgeting, software development life cycle, sw engineering principles, acquisition process, supply chain protection, external developer services

Question 16

Q

SC

Answer

A

System and communications protection

Technical controls. Firewalls, PKI management, VOIP, DNS, ARP, application partitioning, security function isolation, denial of service protection, data transmission confidentiality, honeypots, WIFI transmission protection, port access.

Question 17

Q

SI

Answer

A

System and information integrity

Technical controls. Patches, anti-malware, anti-spam, IDS, alerting, detect unauthorized changes, data input validation, error handling.

Question 18

Q

MA

Answer

A

Maintenance

Administrative controls. Controlled maintenance, management of tools, vendor maintenance, maintenance personnel

Question 19

Q

ISC2

Answer

A

International Information System Security Certification Consortium

Brainscape's Knowledge GenomeTM

NIST Control Families Flashcards

Brainscape's Knowledge Genome^TM